27696 00:57:58 (0) ** WMIDiag v2.1 started on vrijdag 9 november 2012 at 00:54.
27697 00:57:58 (0) **
27698 00:57:58 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
27699 00:57:58 (0) **
27700 00:57:58 (0) ** This script is not supported under any Microsoft standard support program or service.
27701 00:57:58 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
27702 00:57:58 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
27703 00:57:58 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
27704 00:57:58 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
27705 00:57:58 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
27706 00:57:58 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
27707 00:57:58 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
27708 00:57:58 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
27709 00:57:58 (0) ** of the possibility of such damages.
27710 00:57:58 (0) **
27711 00:57:58 (0) **
27712 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27713 00:57:58 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
27714 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27715 00:57:58 (0) **
27716 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27717 00:57:58 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'JULES-PC\JULES' on computer 'JULES-PC'.
27718 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27719 00:57:58 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
27720 00:57:58 (0) ** INFO: => 33 possible incorrect shutdown(s) detected on:
27721 00:57:58 (0) ** - Shutdown on 26 October 2012 09:04:13 (GMT-0).
27722 00:57:58 (0) ** - Shutdown on 26 October 2012 09:43:35 (GMT-0).
27723 00:57:58 (0) ** - Shutdown on 02 November 2012 14:17:59 (GMT-0).
27724 00:57:58 (0) ** - Shutdown on 03 November 2012 20:46:08 (GMT-0).
27725 00:57:58 (0) ** - Shutdown on 03 November 2012 21:48:49 (GMT-0).
27726 00:57:58 (0) ** - Shutdown on 03 November 2012 22:50:54 (GMT-0).
27727 00:57:58 (0) ** - Shutdown on 03 November 2012 23:53:52 (GMT-0).
27728 00:57:58 (0) ** - Shutdown on 04 November 2012 00:59:31 (GMT-0).
27729 00:57:58 (0) ** - Shutdown on 04 November 2012 02:01:22 (GMT-0).
27730 00:57:58 (0) ** - Shutdown on 04 November 2012 03:06:53 (GMT-0).
27731 00:57:58 (0) ** - Shutdown on 04 November 2012 12:55:24 (GMT-0).
27732 00:57:58 (0) ** - Shutdown on 04 November 2012 14:41:47 (GMT-0).
27733 00:57:58 (0) ** - Shutdown on 04 November 2012 15:46:21 (GMT-0).
27734 00:57:58 (0) ** - Shutdown on 04 November 2012 16:51:01 (GMT-0).
27735 00:57:58 (0) ** - Shutdown on 04 November 2012 18:11:43 (GMT-0).
27736 00:57:58 (0) ** - Shutdown on 04 November 2012 19:50:14 (GMT-0).
27737 00:57:58 (0) ** - Shutdown on 04 November 2012 21:14:23 (GMT-0).
27738 00:57:58 (0) ** - Shutdown on 04 November 2012 22:34:57 (GMT-0).
27739 00:57:58 (0) ** - Shutdown on 04 November 2012 23:46:36 (GMT-0).
27740 00:57:58 (0) ** - Shutdown on 05 November 2012 18:48:10 (GMT-0).
27741 00:57:58 (0) ** - Shutdown on 06 November 2012 16:03:34 (GMT-0).
27742 00:57:58 (0) ** - Shutdown on 06 November 2012 18:23:48 (GMT-0).
27743 00:57:58 (0) ** - Shutdown on 06 November 2012 22:52:20 (GMT-0).
27744 00:57:58 (0) ** - Shutdown on 07 November 2012 00:05:39 (GMT-0).
27745 00:57:58 (0) ** - Shutdown on 07 November 2012 12:55:13 (GMT-0).
27746 00:57:58 (0) ** - Shutdown on 07 November 2012 14:00:37 (GMT-0).
27747 00:57:58 (0) ** - Shutdown on 07 November 2012 18:11:07 (GMT-0).
27748 00:57:58 (0) ** - Shutdown on 07 November 2012 19:12:46 (GMT-0).
27749 00:57:58 (0) ** - Shutdown on 07 November 2012 23:16:46 (GMT-0).
27750 00:57:58 (0) ** - Shutdown on 08 November 2012 20:25:13 (GMT-0).
27751 00:57:58 (0) ** - Shutdown on 08 November 2012 21:38:30 (GMT-0).
27752 00:57:58 (0) ** - Shutdown on 08 November 2012 22:42:56 (GMT-0).
27753 00:57:58 (0) ** - Shutdown on 08 November 2012 23:49:49 (GMT-0).
27754 00:57:58 (0) **
27755 00:57:58 (0) ** System drive: ....................................................................................................... C: (Schijfnr. 0 partitienr. 1).
27756 00:57:58 (0) ** Drive type: ......................................................................................................... IDE (M4-CT128M4SSD2).
27757 00:57:58 (0) ** There are no missing WMI system files: .............................................................................. OK.
27758 00:57:58 (0) ** There are no missing WMI repository files: .......................................................................... OK.
27759 00:57:58 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
27760 00:57:58 (0) ** AFTER running WMIDiag:
27761 00:57:58 (0) ** The WMI repository has a size of: ................................................................................... 31 MB.
27762 00:57:58 (0) ** - Disk free space on 'C:': .......................................................................................... 14300 MB.
27763 00:57:58 (0) ** - INDEX.BTR, 5709824 bytes, 9-11-2012 0:54:27
27764 00:57:58 (0) ** - MAPPING1.MAP, 85496 bytes, 9-11-2012 0:54:27
27765 00:57:58 (0) ** - MAPPING2.MAP, 85496 bytes, 8-11-2012 22:54:39
27766 00:57:58 (0) ** - OBJECTS.DATA, 26443776 bytes, 9-11-2012 0:54:27
27767 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27768 00:57:58 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
27769 00:57:58 (0) ** Windows Firewall Profile: ........................................................................................... PRIVATE.
27770 00:57:58 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
27771 00:57:58 (0) ** => This will prevent any WMI remote connectivity to this computer except
27772 00:57:58 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
27773 00:57:58 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
27774 00:57:58 (0) ** - 'Windows Management Instrumentation (WMI-In)'
27775 00:57:58 (0) ** - 'Windows Management Instrumentation (ASync-In)'
27776 00:57:58 (0) ** Verify the reported status for each of these three inbound rules below.
27777 00:57:58 (0) **
27778 00:57:58 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
27779 00:57:58 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
27780 00:57:58 (0) ** - You can adjust the configuration by executing the following command:
27781 00:57:58 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
27782 00:57:58 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
27783 00:57:58 (0) ** You can also enable each individual rule instead of activating the group rule.
27784 00:57:58 (0) **
27785 00:57:58 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
27786 00:57:58 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
27787 00:57:58 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
27788 00:57:58 (0) ** - You can adjust the configuration of this rule by executing the following command:
27789 00:57:58 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
27790 00:57:58 (0) **
27791 00:57:58 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
27792 00:57:58 (0) ** => This will prevent any WMI inbound connectivity to this machine.
27793 00:57:58 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
27794 00:57:58 (0) ** - You can adjust the configuration of this rule by executing the following command:
27795 00:57:58 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
27796 00:57:58 (0) **
27797 00:57:58 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
27798 00:57:58 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
27799 00:57:58 (0) ** - You can adjust the configuration of this rule by executing the following command:
27800 00:57:58 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
27801 00:57:58 (0) **
27802 00:57:58 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
27803 00:57:58 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
27804 00:57:58 (0) ** - You can adjust the configuration of this rule by executing the following command:
27805 00:57:58 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
27806 00:57:58 (0) **
27807 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27808 00:57:58 (0) ** DCOM Status: ........................................................................................................ OK.
27809 00:57:58 (0) ** WMI registry setup: ................................................................................................. OK.
27810 00:57:58 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
27811 00:57:58 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
27812 00:57:58 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Manual')
27813 00:57:58 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
27814 00:57:58 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
27815 00:57:58 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
27816 00:57:58 (0) ** this can prevent the service/application to work as expected.
27817 00:57:58 (0) **
27818 00:57:58 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
27819 00:57:58 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
27820 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27821 00:57:58 (0) ** WMI service DCOM setup: ............................................................................................. OK.
27822 00:57:58 (0) ** WMI components DCOM registrations: .................................................................................. OK.
27823 00:57:58 (0) ** WMI ProgID registrations: ........................................................................................... OK.
27824 00:57:58 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
27825 00:57:58 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
27826 00:57:58 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
27827 00:57:58 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
27828 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
27829 00:57:58 (0) ** INFO: User Account Control (UAC): ................................................................................... DISABLED.
27830 00:57:58 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
27831 00:57:58 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
27832 00:57:58 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
27833 00:57:58 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
27834 00:57:58 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
27835 00:57:58 (0) **
27836 00:57:58 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
27837 00:57:58 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED!
27838 00:57:58 (0) ** - REMOVED ACE:
27839 00:57:58 (0) ** ACEType: &h0
27840 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27841 00:57:58 (0) ** ACEFlags: &h0
27842 00:57:58 (0) ** ACEMask: &h3
27843 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27844 00:57:58 (0) ** DCOM_RIGHT_ACCESS_LOCAL
27845 00:57:58 (0) **
27846 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27847 00:57:58 (0) ** Removing default security will cause some operations to fail!
27848 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27849 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27850 00:57:58 (0) **
27851 00:57:58 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
27852 00:57:58 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
27853 00:57:58 (0) ** - REMOVED ACE:
27854 00:57:58 (0) ** ACEType: &h0
27855 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27856 00:57:58 (0) ** ACEFlags: &h0
27857 00:57:58 (0) ** ACEMask: &h7
27858 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27859 00:57:58 (0) ** DCOM_RIGHT_ACCESS_LOCAL
27860 00:57:58 (0) ** DCOM_RIGHT_ACCESS_REMOTE
27861 00:57:58 (0) **
27862 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27863 00:57:58 (0) ** Removing default security will cause some operations to fail!
27864 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27865 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27866 00:57:58 (0) **
27867 00:57:58 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
27868 00:57:58 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
27869 00:57:58 (0) ** - REMOVED ACE:
27870 00:57:58 (0) ** ACEType: &h0
27871 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27872 00:57:58 (0) ** ACEFlags: &h0
27873 00:57:58 (0) ** ACEMask: &h7
27874 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27875 00:57:58 (0) ** DCOM_RIGHT_ACCESS_LOCAL
27876 00:57:58 (0) ** DCOM_RIGHT_ACCESS_REMOTE
27877 00:57:58 (0) **
27878 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27879 00:57:58 (0) ** Removing default security will cause some operations to fail!
27880 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27881 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27882 00:57:58 (0) **
27883 00:57:58 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
27884 00:57:58 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
27885 00:57:58 (0) ** - REMOVED ACE:
27886 00:57:58 (0) ** ACEType: &h0
27887 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27888 00:57:58 (0) ** ACEFlags: &h0
27889 00:57:58 (0) ** ACEMask: &h1F
27890 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27891 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
27892 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
27893 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
27894 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
27895 00:57:58 (0) **
27896 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27897 00:57:58 (0) ** Removing default security will cause some operations to fail!
27898 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27899 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27900 00:57:58 (0) **
27901 00:57:58 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
27902 00:57:58 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
27903 00:57:58 (0) ** - REMOVED ACE:
27904 00:57:58 (0) ** ACEType: &h0
27905 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27906 00:57:58 (0) ** ACEFlags: &h0
27907 00:57:58 (0) ** ACEMask: &h1F
27908 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27909 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
27910 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
27911 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
27912 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
27913 00:57:58 (0) **
27914 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27915 00:57:58 (0) ** Removing default security will cause some operations to fail!
27916 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27917 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27918 00:57:58 (0) **
27919 00:57:58 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
27920 00:57:58 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
27921 00:57:58 (0) ** - REMOVED ACE:
27922 00:57:58 (0) ** ACEType: &h0
27923 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27924 00:57:58 (0) ** ACEFlags: &h0
27925 00:57:58 (0) ** ACEMask: &h1F
27926 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27927 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
27928 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
27929 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
27930 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
27931 00:57:58 (0) **
27932 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27933 00:57:58 (0) ** Removing default security will cause some operations to fail!
27934 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27935 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27936 00:57:58 (0) **
27937 00:57:58 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
27938 00:57:58 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
27939 00:57:58 (0) ** - REMOVED ACE:
27940 00:57:58 (0) ** ACEType: &h0
27941 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27942 00:57:58 (0) ** ACEFlags: &h0
27943 00:57:58 (0) ** ACEMask: &h1F
27944 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27945 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
27946 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
27947 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
27948 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
27949 00:57:58 (0) **
27950 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27951 00:57:58 (0) ** Removing default security will cause some operations to fail!
27952 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27953 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27954 00:57:58 (0) **
27955 00:57:58 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
27956 00:57:58 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
27957 00:57:58 (0) ** - REMOVED ACE:
27958 00:57:58 (0) ** ACEType: &h0
27959 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27960 00:57:58 (0) ** ACEFlags: &h0
27961 00:57:58 (0) ** ACEMask: &hB
27962 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27963 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
27964 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
27965 00:57:58 (0) **
27966 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27967 00:57:58 (0) ** Removing default security will cause some operations to fail!
27968 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27969 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27970 00:57:58 (0) **
27971 00:57:58 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
27972 00:57:58 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
27973 00:57:58 (0) ** - REMOVED ACE:
27974 00:57:58 (0) ** ACEType: &h0
27975 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27976 00:57:58 (0) ** ACEFlags: &h0
27977 00:57:58 (0) ** ACEMask: &h1F
27978 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27979 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
27980 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
27981 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
27982 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
27983 00:57:58 (0) **
27984 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
27985 00:57:58 (0) ** Removing default security will cause some operations to fail!
27986 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
27987 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
27988 00:57:58 (0) **
27989 00:57:58 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
27990 00:57:58 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
27991 00:57:58 (0) ** - REMOVED ACE:
27992 00:57:58 (0) ** ACEType: &h0
27993 00:57:58 (0) ** ACCESS_ALLOWED_ACE_TYPE
27994 00:57:58 (0) ** ACEFlags: &h0
27995 00:57:58 (0) ** ACEMask: &h1F
27996 00:57:58 (0) ** DCOM_RIGHT_EXECUTE
27997 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
27998 00:57:58 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
27999 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
28000 00:57:58 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
28001 00:57:58 (0) **
28002 00:57:58 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
28003 00:57:58 (0) ** Removing default security will cause some operations to fail!
28004 00:57:58 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
28005 00:57:58 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
28006 00:57:58 (0) **
28007 00:57:58 (0) **
28008 00:57:58 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
28009 00:57:58 (0) ** DCOM security error(s) detected: .................................................................................... 10.
28010 00:57:58 (0) ** WMI security warning(s) detected: ................................................................................... 0.
28011 00:57:58 (0) ** WMI security error(s) detected: ..................................................................................... 0.
28012 00:57:58 (0) **
28013 00:57:58 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
28014 00:57:58 (0) ** Overall WMI security status: ........................................................................................ OK.
28015 00:57:58 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
28016 00:57:58 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
28017 00:57:58 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer".
28018 00:57:58 (0) ** 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99'
28019 00:57:58 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
28020 00:57:58 (0) ** 'select * from MSFT_SCMEventLogEvent'
28021 00:57:58 (0) **
28022 00:57:58 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
28023 00:57:58 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 3 NAMESPACE(S)!
28024 00:57:58 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
28025 00:57:58 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION.
28026 00:57:58 (0) ** - ROOT/SERVICEMODEL.
28027 00:57:58 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
28028 00:57:58 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
28029 00:57:58 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
28030 00:57:58 (0) ** i.e. 'WMIC.EXE /NODE:"JULES-PC" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
28031 00:57:58 (0) **
28032 00:57:58 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
28033 00:57:58 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
28034 00:57:58 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 34 ERROR(S)!
28035 00:57:58 (0) ** - Root/CIMV2, MSFT_NetInvalidDriverDependency, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28036 00:57:58 (0) ** MOF Registration: ''
28037 00:57:58 (0) ** - Root/CIMV2, Win32_OsBaselineProvider, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28038 00:57:58 (0) ** MOF Registration: ''
28039 00:57:58 (0) ** - Root/CIMV2, Win32_OsBaseline, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28040 00:57:58 (0) ** MOF Registration: ''
28041 00:57:58 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28042 00:57:58 (0) ** MOF Registration: ''
28043 00:57:58 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28044 00:57:58 (0) ** MOF Registration: ''
28045 00:57:58 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28046 00:57:58 (0) ** MOF Registration: ''
28047 00:57:58 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28048 00:57:58 (0) ** MOF Registration: ''
28049 00:57:58 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28050 00:57:58 (0) ** MOF Registration: ''
28051 00:57:58 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28052 00:57:58 (0) ** MOF Registration: ''
28053 00:57:58 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28054 00:57:58 (0) ** MOF Registration: ''
28055 00:57:58 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28056 00:57:58 (0) ** MOF Registration: ''
28057 00:57:58 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28058 00:57:58 (0) ** MOF Registration: ''
28059 00:57:58 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28060 00:57:58 (0) ** MOF Registration: ''
28061 00:57:58 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28062 00:57:58 (0) ** MOF Registration: ''
28063 00:57:58 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28064 00:57:58 (0) ** MOF Registration: ''
28065 00:57:58 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28066 00:57:58 (0) ** MOF Registration: ''
28067 00:57:58 (0) ** - Root/WMI, MSStorageDriver_ScsiRequestBlock, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28068 00:57:58 (0) ** MOF Registration: ''
28069 00:57:58 (0) ** - Root/WMI, MSStorageDriver_ClassErrorLogEntry, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28070 00:57:58 (0) ** MOF Registration: ''
28071 00:57:58 (0) ** - Root/WMI, ReserveDisjoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28072 00:57:58 (0) ** MOF Registration: ''
28073 00:57:58 (0) ** - Root/WMI, ReserveLateCount, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28074 00:57:58 (0) ** MOF Registration: ''
28075 00:57:58 (0) ** - Root/WMI, ReserveJoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28076 00:57:58 (0) ** MOF Registration: ''
28077 00:57:58 (0) ** - Root/WMI, ReserveDelete, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28078 00:57:58 (0) ** MOF Registration: ''
28079 00:57:58 (0) ** - Root/WMI, ReserveBandwidth, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28080 00:57:58 (0) ** MOF Registration: ''
28081 00:57:58 (0) ** - Root/WMI, ReserveCreate, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28082 00:57:58 (0) ** MOF Registration: ''
28083 00:57:58 (0) ** - Root/WMI, SystemConfig_PhyDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28084 00:57:58 (0) ** MOF Registration: ''
28085 00:57:58 (0) ** - Root/WMI, SystemConfig_Video, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28086 00:57:58 (0) ** MOF Registration: ''
28087 00:57:58 (0) ** - Root/WMI, SystemConfig_IDEChannel, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28088 00:57:58 (0) ** MOF Registration: ''
28089 00:57:58 (0) ** - Root/WMI, SystemConfig_NIC, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28090 00:57:58 (0) ** MOF Registration: ''
28091 00:57:58 (0) ** - Root/WMI, SystemConfig_Network, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28092 00:57:58 (0) ** MOF Registration: ''
28093 00:57:58 (0) ** - Root/WMI, SystemConfig_CPU, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28094 00:57:58 (0) ** MOF Registration: ''
28095 00:57:58 (0) ** - Root/WMI, SystemConfig_LogDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28096 00:57:58 (0) ** MOF Registration: ''
28097 00:57:58 (0) ** - Root/WMI, SystemConfig_Power, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28098 00:57:58 (0) ** MOF Registration: ''
28099 00:57:58 (0) ** - Root/WMI, MSStorageDriver_SenseData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28100 00:57:58 (0) ** MOF Registration: ''
28101 00:57:58 (0) ** - Root/WMI, MSStorageDriver_ClassErrorLog, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
28102 00:57:58 (0) ** MOF Registration: ''
28103 00:57:58 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
28104 00:57:58 (0) ** a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
28105 00:57:58 (0) ** You can refresh the WMI class provider buffer with the following command:
28106 00:57:58 (0) **
28107 00:57:58 (0) ** i.e. 'WINMGMT.EXE /SYNCPERF'
28108 00:57:58 (0) **
28109 00:57:58 (0) ** WMI MOF representations: ............................................................................................ OK.
28110 00:57:58 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
28111 00:57:58 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
28112 00:57:58 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
28113 00:57:58 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
28114 00:57:58 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
28115 00:57:58 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
28116 00:57:58 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
28117 00:57:58 (0) ** WMI static instances retrieved: ..................................................................................... 1730.
28118 00:57:58 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
28119 00:57:58 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
28120 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28121 00:57:58 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
28122 00:57:58 (0) ** DCOM: ............................................................................................................. 0.
28123 00:57:58 (0) ** WINMGMT: .......................................................................................................... 0.
28124 00:57:58 (0) ** WMIADAPTER: ....................................................................................................... 0.
28125 00:57:58 (0) **
28126 00:57:58 (0) ** # of additional Event Log events AFTER WMIDiag execution:
28127 00:57:58 (0) ** DCOM: ............................................................................................................. 0.
28128 00:57:58 (0) ** WINMGMT: .......................................................................................................... 0.
28129 00:57:58 (0) ** WMIADAPTER: ....................................................................................................... 0.
28130 00:57:58 (0) **
28131 00:57:58 (0) ** 34 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
28132 00:57:58 (0) ** => This error is typically a WMI error. This WMI error is due to:
28133 00:57:58 (0) ** - a missing WMI class definition or object.
28134 00:57:58 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
28135 00:57:58 (0) ** You can correct the missing class definitions by:
28136 00:57:58 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP ' command.
28137 00:57:58 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
28138 00:57:58 (0) ** (This list can be built on a similar and working WMI Windows installation)
28139 00:57:58 (0) ** The following command line must be used:
28140 00:57:58 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
28141 00:57:58 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
28142 00:57:58 (0) ** with WMI by starting the ADAP process.
28143 00:57:58 (0) ** - a WMI repository corruption.
28144 00:57:58 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
28145 00:57:58 (0) ** to validate the WMI repository operations.
28146 00:57:58 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
28147 00:57:58 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
28148 00:57:58 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
28149 00:57:58 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
28150 00:57:58 (0) ** the WMI repository must be reconstructed.
28151 00:57:58 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
28152 00:57:58 (0) ** otherwise some applications may fail after the reconstruction.
28153 00:57:58 (0) ** This can be achieved with the following command:
28154 00:57:58 (0) ** i.e. 'WMIDiag ShowMOFErrors'
28155 00:57:58 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
28156 00:57:58 (0) ** ALL fixes previously mentioned.
28157 00:57:58 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
28158 00:57:58 (0) **
28159 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28160 00:57:58 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
28161 00:57:58 (0) ** INFO: Unexpected registry key value:
28162 00:57:58 (0) ** - Current: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
28163 00:57:58 (0) ** - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
28164 00:57:58 (0) ** From the command line, the registry configuration can be corrected with the following command:
28165 00:57:58 (0) ** i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
28166 00:57:58 (0) **
28167 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28168 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28169 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28170 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28171 00:57:58 (0) **
28172 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28173 00:57:58 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
28174 00:57:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
28175 00:57:58 (0) **
28176 00:57:58 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\JULES\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_WIN7_.CLI.SP1.64_JULES-PC_2012.11.09_00.53.50.LOG' for details.
28177 00:57:58 (0) **
28178 00:57:58 (0) ** WMIDiag v2.1 ended on vrijdag 9 november 2012 at 00:57 (W:101 E:46 S:1).